Flask/Python decoding username NTLM or Negotiate Authentication Header

Question

I have my Flask app hosted in IIS in our intranet. In Flask, I'm able to get the www-authenticate header, but I need to determine the windows username. I did have Basic Authentication enabled and was able to parse out the username via that method, but I want this to be transparent to the user. In IE I have the option set to auto login to intranet sites so they're not prompted for a username and password.

I am able to get a string that can either begin with NTLM or Negotiate (depending on the setting in IIS) and a long auth string. What is a reliable way I can decode this in python/Flask?

score 3 · Answer 1 · answered Jul 14 '15 at 19:26

Got it.

class RemoteUserMiddleware(object):
    def __init__(self, app):
        self.app = app
    def __call__(self, environ, start_response):
        user = environ.pop('HTTP_X_PROXY_REMOTE_USER', None)
        environ['REMOTE_USER'] = user

    return self.app(environ, start_response)

app.wsgi_app = RemoteUserMiddleware(app.wsgi_app)

Then in the view by doing this:

username = str(request.environ.get('LOGON_USER'))

Flask/Python decoding username NTLM or Negotiate Authentication Header

1 Answers1

Linked